Project import generated by Copybara.
GitOrigin-RevId: 5a127c04ece96433b9596710e7acd87aabffda74
diff --git a/0001-Revert-SFE-ESP-changes.patch b/0001-Revert-SFE-ESP-changes.patch
new file mode 100644
index 0000000..d824011
--- /dev/null
+++ b/0001-Revert-SFE-ESP-changes.patch
@@ -0,0 +1,876 @@
+From 466a71a2b97c575ebc0cab4e2af94b00e83c2218 Mon Sep 17 00:00:00 2001
+From: Siva Eluri <eluris@google.com>
+Date: Fri, 3 Nov 2023 12:05:09 -0700
+Subject: [PATCH] Revert SFE ESP changes
+
+Change-Id: Ib5816fc4cc80ac8d1b6219d35871298c7bd5b409
+---
+ qca-nss-sfe/Makefile | 4 +-
+ qca-nss-sfe/sfe.c | 6 -
+ qca-nss-sfe/sfe_ipv4.c | 31 +---
+ qca-nss-sfe/sfe_ipv4.h | 4 -
+ qca-nss-sfe/sfe_ipv4_esp.c | 295 -------------------------------------
+ qca-nss-sfe/sfe_ipv4_esp.h | 21 ---
+ qca-nss-sfe/sfe_ipv6.c | 29 +---
+ qca-nss-sfe/sfe_ipv6.h | 4 -
+ qca-nss-sfe/sfe_ipv6_esp.c | 275 ----------------------------------
+ qca-nss-sfe/sfe_ipv6_esp.h | 21 ---
+ 10 files changed, 5 insertions(+), 685 deletions(-)
+ delete mode 100644 qca-nss-sfe/sfe_ipv4_esp.c
+ delete mode 100644 qca-nss-sfe/sfe_ipv4_esp.h
+ delete mode 100644 qca-nss-sfe/sfe_ipv6_esp.c
+ delete mode 100644 qca-nss-sfe/sfe_ipv6_esp.h
+
+diff --git a/qca-nss-sfe/Makefile b/qca-nss-sfe/Makefile
+index 6ac42d3..d52146c 100644
+--- a/qca-nss-sfe/Makefile
++++ b/qca-nss-sfe/Makefile
+@@ -5,8 +5,8 @@
+ KERNELVERSION := $(word 1, $(subst ., ,$(KERNELVERSION))).$(word 2, $(subst ., ,$(KERNELVERSION)))
+
+ SFE_BASE_OBJS := sfe.o sfe_init.o
+-SFE_IPV4_OBJS := sfe_ipv4.o sfe_ipv4_udp.o sfe_ipv4_tcp.o sfe_ipv4_icmp.o sfe_ipv4_esp.o
+-SFE_IPV6_OBJS := sfe_ipv6.o sfe_ipv6_udp.o sfe_ipv6_tcp.o sfe_ipv6_icmp.o sfe_ipv6_tunipip6.o sfe_ipv6_esp.o
++SFE_IPV4_OBJS := sfe_ipv4.o sfe_ipv4_udp.o sfe_ipv4_tcp.o sfe_ipv4_icmp.o
++SFE_IPV6_OBJS := sfe_ipv6.o sfe_ipv6_udp.o sfe_ipv6_tcp.o sfe_ipv6_icmp.o sfe_ipv6_tunipip6.o
+ SFE_PPPOE_OBJS := sfe_pppoe.o
+
+
+diff --git a/qca-nss-sfe/sfe.c b/qca-nss-sfe/sfe.c
+index 8bc387c..b352e9a 100644
+--- a/qca-nss-sfe/sfe.c
++++ b/qca-nss-sfe/sfe.c
+@@ -680,9 +680,6 @@ sfe_tx_status_t sfe_create_ipv4_rule_msg(struct sfe_ctx_instance_internal *sfe_c
+ case IPPROTO_GRE:
+ break;
+
+- case IPPROTO_ESP:
+- break;
+-
+ default:
+ ret = SFE_CMN_RESPONSE_EMSG;
+ sfe_incr_exceptions(SFE_EXCEPTION_PROTOCOL_NOT_SUPPORT);
+@@ -1051,9 +1048,6 @@ sfe_tx_status_t sfe_create_ipv6_rule_msg(struct sfe_ctx_instance_internal *sfe_c
+ case IPPROTO_GRE:
+ break;
+
+- case IPPROTO_ESP:
+- break;
+-
+ default:
+ ret = SFE_CMN_RESPONSE_EMSG;
+ sfe_incr_exceptions(SFE_EXCEPTION_PROTOCOL_NOT_SUPPORT);
+diff --git a/qca-nss-sfe/sfe_ipv4.c b/qca-nss-sfe/sfe_ipv4.c
+index 48eec72..aeb9a42 100644
+--- a/qca-nss-sfe/sfe_ipv4.c
++++ b/qca-nss-sfe/sfe_ipv4.c
+@@ -45,7 +45,6 @@
+ #include "sfe_ipv4_icmp.h"
+ #include "sfe_pppoe.h"
+ #include "sfe_ipv4_gre.h"
+-#include "sfe_ipv4_esp.h"
+
+ static char *sfe_ipv4_exception_events_string[SFE_IPV4_EXCEPTION_EVENT_LAST] = {
+ "UDP_HEADER_INCOMPLETE",
+@@ -96,10 +95,6 @@ static char *sfe_ipv4_exception_events_string[SFE_IPV4_EXCEPTION_EVENT_LAST] = {
+ "GRE_IP_OPTIONS_OR_INITIAL_FRAGMENT",
+ "GRE_SMALL_TTL",
+ "GRE_NEEDS_FRAGMENTATION",
+- "ESP_NO_CONNECTION",
+- "ESP_IP_OPTIONS_OR_INITIAL_FRAGMENT",
+- "ESP_NEEDS_FRAGMENTATION",
+- "ESP_SMALL_TTL"
+ };
+
+ static struct sfe_ipv4 __si;
+@@ -876,10 +871,6 @@ int sfe_ipv4_recv(struct net_device *dev, struct sk_buff *skb, struct sfe_l2_inf
+ return sfe_ipv4_recv_tcp(si, skb, dev, len, iph, ihl, sync_on_find, l2_info);
+ }
+
+- if (IPPROTO_ESP == protocol) {
+- return sfe_ipv4_recv_esp(si, skb, dev, len, iph, ihl, sync_on_find, tun_outer);
+- }
+-
+ if (IPPROTO_ICMP == protocol) {
+ return sfe_ipv4_recv_icmp(si, skb, dev, len, iph, ihl);
+ }
+@@ -1279,8 +1270,7 @@ int sfe_ipv4_create_rule(struct sfe_ipv4_rule_create_msg *msg)
+ }
+ }
+
+- if (((IPPROTO_GRE == tuple->protocol) || (IPPROTO_ESP == tuple->protocol)) &&
+- !sfe_ipv4_is_local_ip(si, original_cm->match_dest_ip)) {
++ if ((IPPROTO_GRE == tuple->protocol) && !sfe_ipv4_is_local_ip(si, original_cm->match_dest_ip)) {
+ original_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_PASSTHROUGH;
+ }
+
+@@ -1460,8 +1450,7 @@ int sfe_ipv4_create_rule(struct sfe_ipv4_rule_create_msg *msg)
+ reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_FAST_XMIT_DEV_ADMISSION;
+ }
+
+- if (((IPPROTO_GRE == tuple->protocol) || (IPPROTO_ESP == tuple->protocol)) &&
+- !sfe_ipv4_is_local_ip(si, reply_cm->match_dest_ip)) {
++ if ((IPPROTO_GRE == tuple->protocol) && !sfe_ipv4_is_local_ip(si, reply_cm->match_dest_ip)) {
+ reply_cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_PASSTHROUGH;
+ }
+
+@@ -1571,22 +1560,6 @@ int sfe_ipv4_create_rule(struct sfe_ipv4_rule_create_msg *msg)
+ }
+ #endif
+
+- if ((IPPROTO_ESP == tuple->protocol) && !(reply_cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PASSTHROUGH)) {
+- rcu_read_lock();
+- reply_cm->proto = rcu_dereference(inet_protos[IPPROTO_ESP]);
+- rcu_read_unlock();
+-
+- if (unlikely(!reply_cm->proto)) {
+- kfree(reply_cm);
+- kfree(original_cm);
+- kfree(c);
+- dev_put(src_dev);
+- dev_put(dest_dev);
+- DEBUG_WARN("sfe: ESP proto handler is not registered\n");
+- return -EPERM;
+- }
+- }
+-
+ #ifdef CONFIG_NF_FLOW_COOKIE
+ reply_cm->flow_cookie = 0;
+ #endif
+diff --git a/qca-nss-sfe/sfe_ipv4.h b/qca-nss-sfe/sfe_ipv4.h
+index fcbc09b..4e8169b 100644
+--- a/qca-nss-sfe/sfe_ipv4.h
++++ b/qca-nss-sfe/sfe_ipv4.h
+@@ -288,10 +288,6 @@ enum sfe_ipv4_exception_events {
+ SFE_IPV4_EXCEPTION_EVENT_GRE_IP_OPTIONS_OR_INITIAL_FRAGMENT,
+ SFE_IPV4_EXCEPTION_EVENT_GRE_SMALL_TTL,
+ SFE_IPV4_EXCEPTION_EVENT_GRE_NEEDS_FRAGMENTATION,
+- SFE_IPV4_EXCEPTION_EVENT_ESP_NO_CONNECTION,
+- SFE_IPV4_EXCEPTION_EVENT_ESP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
+- SFE_IPV4_EXCEPTION_EVENT_ESP_NEEDS_FRAGMENTATION,
+- SFE_IPV4_EXCEPTION_EVENT_ESP_SMALL_TTL,
+ SFE_IPV4_EXCEPTION_EVENT_LAST
+ };
+
+diff --git a/qca-nss-sfe/sfe_ipv4_esp.c b/qca-nss-sfe/sfe_ipv4_esp.c
+deleted file mode 100644
+index f0b4941..0000000
+--- a/qca-nss-sfe/sfe_ipv4_esp.c
++++ /dev/null
+@@ -1,295 +0,0 @@
+-/*
+- * sfe_ipv4_esp.c
+- * Shortcut forwarding engine - IPv4 ESP implementation
+- *
+- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+- *
+- * Permission to use, copy, modify, and/or distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- */
+-
+-#include <linux/skbuff.h>
+-#include <net/protocol.h>
+-#include <net/ip.h>
+-#include <linux/etherdevice.h>
+-#include <linux/lockdep.h>
+-
+-#include "sfe_debug.h"
+-#include "sfe_api.h"
+-#include "sfe.h"
+-#include "sfe_flow_cookie.h"
+-#include "sfe_ipv4.h"
+-#include "sfe_ipv4_esp.h"
+-
+-/*
+- * sfe_ipv4_recv_esp()
+- * Handle ESP packet receives and forwarding
+- */
+-int sfe_ipv4_recv_esp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev,
+- unsigned int len, struct iphdr *iph, unsigned int ihl,
+- bool sync_on_find, bool tun_outer)
+-{
+- struct sfe_ipv4_connection_match *cm;
+- struct net_device *xmit_dev;
+- struct net_protocol *ipprot;
+- netdev_features_t features;
+- bool passthrough;
+- bool bridge_flow;
+- bool fast_xmit;
+- bool hw_csum;
+- __be32 src_ip;
+- __be32 dest_ip;
+- bool ret;
+- u8 ttl;
+-
+- /*
+- * Read the IP address from the iphdr, and set the src/dst ports to 0.
+- */
+- src_ip = iph->saddr;
+- dest_ip = iph->daddr;
+- rcu_read_lock();
+-
+- /*
+- * Look for a connection match.
+- */
+-#ifdef CONFIG_NF_FLOW_COOKIE
+- cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match;
+- if (unlikely(!cm)) {
+- cm = sfe_ipv4_find_ipv4_connection_match_rcu(si, dev, IPPROTO_ESP, src_ip, 0, dest_ip, 0);
+- }
+-#else
+- cm = sfe_ipv4_find_connection_match_rcu(si, dev, IPPROTO_ESP, src_ip, 0, dest_ip, 0);
+-#endif
+- if (unlikely(!cm)) {
+- rcu_read_unlock();
+- sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_ESP_NO_CONNECTION);
+- DEBUG_TRACE("no connection found for esp packet\n");
+- return 0;
+- }
+-
+- /*
+- * Source interface validate.
+- */
+- if (unlikely((cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_SRC_INTERFACE_CHECK) && (cm->match_dev != dev))) {
+- struct sfe_ipv4_connection *c = cm->connection;
+- int ret;
+-
+- spin_lock_bh(&si->lock);
+- ret = sfe_ipv4_remove_connection(si, c);
+- spin_unlock_bh(&si->lock);
+-
+- if (ret) {
+- sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
+- }
+- rcu_read_unlock();
+- sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_INVALID_SRC_IFACE);
+- DEBUG_TRACE("flush on wrong source interface check failure\n");
+- return 0;
+- }
+-
+- passthrough = cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PASSTHROUGH;
+- bridge_flow = !!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_BRIDGE_FLOW);
+-
+- /*
+- * If our packet has been marked as "sync on find" we can't actually
+- * forward it in the fast path, but now that we've found an associated
+- * connection we need sync its status before exception it to slow path unless
+- * it is passthrough (packets not directed to DUT) packet.
+- * TODO: revisit to ensure that pass through traffic is not bypassing firewall for fragmented cases
+- */
+- if (unlikely(sync_on_find) && !passthrough) {
+- sfe_ipv4_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
+- rcu_read_unlock();
+- sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_ESP_IP_OPTIONS_OR_INITIAL_FRAGMENT);
+- DEBUG_TRACE("%px: sfe: sync on find\n", cm);
+- return 0;
+- }
+-
+- /*
+- * Check if skb was cloned. If it was, unshare it.
+- */
+- if (unlikely(skb_cloned(skb))) {
+- DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
+- skb = skb_unshare(skb, GFP_ATOMIC);
+- if (!skb) {
+- DEBUG_WARN("Failed to unshare the cloned skb\n");
+- rcu_read_unlock();
+- return 0;
+- }
+-
+- /*
+- * Update the iphdr pointer with the unshared skb's data area.
+- */
+- iph = (struct iphdr *)skb->data;
+- }
+-
+- /*
+- * Enable HW csum if rx checksum is verified and xmit interface is CSUM offload capable.
+- */
+- hw_csum = !!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_CSUM_OFFLOAD) && (skb->ip_summed == CHECKSUM_UNNECESSARY);
+-
+- /*
+- * proto decap packet.
+- * Invoke the inet_protocol handler for delivery of the packet.
+- */
+- ipprot = rcu_dereference(cm->proto);
+- if (likely(ipprot)) {
+- skb_reset_network_header(skb);
+- skb_pull(skb, ihl);
+- skb_reset_transport_header(skb);
+- xmit_dev = cm->xmit_dev;
+- skb->dev = xmit_dev;
+-
+- ret = ipprot->handler(skb);
+- if (ret) {
+- rcu_read_unlock();
+- this_cpu_inc(si->stats_pcpu->packets_not_forwarded64);
+- DEBUG_TRACE("ESP handler returned error %u\n", ret);
+- return 0;
+- }
+-
+- /*
+- * Update traffic stats.
+- */
+- atomic_inc(&cm->rx_packet_count);
+- atomic_add(len, &cm->rx_byte_count);
+-
+- rcu_read_unlock();
+- this_cpu_inc(si->stats_pcpu->packets_forwarded64);
+- return 1;
+- }
+-
+- /*
+- * esp passthrough / ip local out scenarios.
+- */
+- /*
+- * If our packet is larger than the MTU of the transmit interface then
+- * we can't forward it easily.
+- */
+- if (unlikely(len > cm->xmit_dev_mtu)) {
+- sfe_ipv4_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
+- rcu_read_unlock();
+- sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_ESP_NEEDS_FRAGMENTATION);
+- DEBUG_TRACE("%px: sfe: larger than MTU\n", cm);
+- return 0;
+- }
+-
+- /*
+- * need to ensure that TTL is >=2.
+- */
+- ttl = iph->ttl;
+- if (!bridge_flow && (ttl < 2) && passthrough) {
+- sfe_ipv4_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
+- rcu_read_unlock();
+-
+- DEBUG_TRACE("%px: sfe: TTL too low\n", skb);
+- sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_ESP_SMALL_TTL);
+- return 0;
+- }
+-
+- /*
+- * decrement TTL by 1.
+- */
+- iph->ttl = (ttl - (u8)(!bridge_flow && !tun_outer));
+-
+- /*
+- * Update DSCP
+- */
+- if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK)) {
+- iph->tos = (iph->tos & SFE_IPV4_DSCP_MASK) | cm->dscp;
+- }
+-
+- /*
+- * Replace the IP checksum.
+- */
+- if (likely(hw_csum)) {
+- skb->ip_summed = CHECKSUM_PARTIAL;
+- } else {
+- iph->check = sfe_ipv4_gen_ip_csum(iph);
+- }
+-
+- /*
+- * Update traffic stats.
+- */
+- atomic_inc(&cm->rx_packet_count);
+- atomic_add(len, &cm->rx_byte_count);
+-
+- xmit_dev = cm->xmit_dev;
+- skb->dev = xmit_dev;
+-
+- /*
+- * write the layer - 2 header.
+- */
+- if (likely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) {
+- if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) {
+- dev_hard_header(skb, xmit_dev, ETH_P_IP, cm->xmit_dest_mac, cm->xmit_src_mac, len);
+- } else {
+- /*
+- * For the simple case we write this really fast.
+- */
+- struct ethhdr *eth = (struct ethhdr *)__skb_push(skb, ETH_HLEN);
+- eth->h_proto = htons(ETH_P_IP);
+- ether_addr_copy((u8 *)eth->h_dest, (u8 *)cm->xmit_dest_mac);
+- ether_addr_copy((u8 *)eth->h_source, (u8 *)cm->xmit_src_mac);
+- }
+- }
+-
+- /*
+- * Update priority of skb
+- */
+- if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) {
+- skb->priority = cm->priority;
+- }
+-
+- /*
+- * Mark outgoing packet.
+- */
+- if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_MARK)) {
+- skb->mark = cm->mark;
+- }
+-
+- /*
+- * For the first packets, check if it could got fast xmit.
+- */
+- if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_FAST_XMIT_FLOW_CHECKED)
+- && (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_FAST_XMIT_DEV_ADMISSION))){
+- cm->features = netif_skb_features(skb);
+- if (likely(sfe_fast_xmit_check(skb, cm->features))) {
+- cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_FAST_XMIT;
+- }
+- cm->flags |= SFE_IPV4_CONNECTION_MATCH_FLAG_FAST_XMIT_FLOW_CHECKED;
+- }
+-
+- features = cm->features;
+- fast_xmit = !!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_FAST_XMIT);
+-
+- rcu_read_unlock();
+- this_cpu_inc(si->stats_pcpu->packets_forwarded64);
+- prefetch(skb_shinfo(skb));
+-
+- /*
+- * We do per packet condition check before we could fast xmit the
+- * packet.
+- */
+- if (likely(fast_xmit && dev_fast_xmit(skb, xmit_dev, features))) {
+- this_cpu_inc(si->stats_pcpu->packets_fast_xmited64);
+- return 1;
+- }
+-
+- /*
+- * Mark that this packet has been fast forwarded.
+- */
+- skb->fast_forwarded = 1;
+-
+- dev_queue_xmit(skb);
+- return 1;
+-}
+diff --git a/qca-nss-sfe/sfe_ipv4_esp.h b/qca-nss-sfe/sfe_ipv4_esp.h
+deleted file mode 100644
+index f889605..0000000
+--- a/qca-nss-sfe/sfe_ipv4_esp.h
++++ /dev/null
+@@ -1,21 +0,0 @@
+-/*
+- * sfe_ipv4_esp.h
+- * Shortcut forwarding engine - IPv4 ESP header file
+- *
+- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+- *
+- * Permission to use, copy, modify, and/or distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- */
+-
+-int sfe_ipv4_recv_esp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev, unsigned int len,
+- struct iphdr *iph, unsigned int ihl, bool sync_on_find, bool tun_outer);
+diff --git a/qca-nss-sfe/sfe_ipv6.c b/qca-nss-sfe/sfe_ipv6.c
+index 9b9539f..372d9fb 100644
+--- a/qca-nss-sfe/sfe_ipv6.c
++++ b/qca-nss-sfe/sfe_ipv6.c
+@@ -46,7 +46,6 @@
+ #include "sfe_pppoe.h"
+ #include "sfe_ipv6_tunipip6.h"
+ #include "sfe_ipv6_gre.h"
+-#include "sfe_ipv6_esp.h"
+
+ #define sfe_ipv6_addr_copy(src, dest) memcpy((void *)(dest), (void *)(src), 16)
+
+@@ -105,10 +104,6 @@ static char *sfe_ipv6_exception_events_string[SFE_IPV6_EXCEPTION_EVENT_LAST] = {
+ "GRE_IP_OPTIONS_OR_INITIAL_FRAGMENT",
+ "GRE_SMALL_TTL",
+ "GRE_NEEDS_FRAGMENTATION",
+- "ESP_NO_CONNECTION",
+- "ESP_IP_OPTIONS_OR_INITIAL_FRAGMENT",
+- "ESP_NEEDS_FRAGMENTATION",
+- "ESP_SMALL_TTL"
+ };
+
+ static struct sfe_ipv6 __si6;
+@@ -868,10 +863,6 @@ int sfe_ipv6_recv(struct net_device *dev, struct sk_buff *skb, struct sfe_l2_inf
+ return sfe_ipv6_recv_tcp(si, skb, dev, len, iph, ihl, sync_on_find, l2_info);
+ }
+
+- if (IPPROTO_ESP == next_hdr) {
+- return sfe_ipv6_recv_esp(si, skb, dev, len, iph, ihl, sync_on_find, tun_outer);
+- }
+-
+ if (IPPROTO_ICMPV6 == next_hdr) {
+ return sfe_ipv6_recv_icmp(si, skb, dev, len, iph, ihl);
+ }
+@@ -1547,7 +1538,7 @@ int sfe_ipv6_create_rule(struct sfe_ipv6_rule_create_msg *msg)
+ #ifdef SFE_GRE_TUN_ENABLE
+ if ((IPPROTO_GRE == tuple->protocol) && !(reply_cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PASSTHROUGH)) {
+ rcu_read_lock();
+- reply_cm->proto = rcu_dereference(inet6_protos[IPPROTO_GRE]);
++ reply_cm->proto = rcu_dereference(inet6_protos[tuple->protocol]);
+ rcu_read_unlock();
+
+ if (unlikely(!reply_cm->proto)) {
+@@ -1564,24 +1555,6 @@ int sfe_ipv6_create_rule(struct sfe_ipv6_rule_create_msg *msg)
+ }
+ #endif
+
+- if ((IPPROTO_ESP == tuple->protocol) && !(reply_cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PASSTHROUGH)) {
+- rcu_read_lock();
+- reply_cm->proto = rcu_dereference(inet6_protos[IPPROTO_ESP]);
+- rcu_read_unlock();
+-
+- if (unlikely(!reply_cm->proto)) {
+- this_cpu_inc(si->stats_pcpu->connection_create_failures64);
+- spin_unlock_bh(&si->lock);
+- kfree(reply_cm);
+- kfree(original_cm);
+- kfree(c);
+- dev_put(src_dev);
+- dev_put(dest_dev);
+- DEBUG_WARN("sfe: ESP proto handler is not registered\n");
+- return -EPERM;
+- }
+- }
+-
+ /*
+ * Decapsulation path have proto set.
+ * This is used to differentiate de/encap, and call protocol specific handler.
+diff --git a/qca-nss-sfe/sfe_ipv6.h b/qca-nss-sfe/sfe_ipv6.h
+index f9a33f8..9c78f1c 100644
+--- a/qca-nss-sfe/sfe_ipv6.h
++++ b/qca-nss-sfe/sfe_ipv6.h
+@@ -307,10 +307,6 @@ enum sfe_ipv6_exception_events {
+ SFE_IPV6_EXCEPTION_EVENT_GRE_IP_OPTIONS_OR_INITIAL_FRAGMENT,
+ SFE_IPV6_EXCEPTION_EVENT_GRE_SMALL_TTL,
+ SFE_IPV6_EXCEPTION_EVENT_GRE_NEEDS_FRAGMENTATION,
+- SFE_IPV6_EXCEPTION_EVENT_ESP_NO_CONNECTION,
+- SFE_IPV6_EXCEPTION_EVENT_ESP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
+- SFE_IPV6_EXCEPTION_EVENT_ESP_NEEDS_FRAGMENTATION,
+- SFE_IPV6_EXCEPTION_EVENT_ESP_SMALL_TTL,
+ SFE_IPV6_EXCEPTION_EVENT_LAST
+ };
+
+diff --git a/qca-nss-sfe/sfe_ipv6_esp.c b/qca-nss-sfe/sfe_ipv6_esp.c
+deleted file mode 100644
+index 7a152e8..0000000
+--- a/qca-nss-sfe/sfe_ipv6_esp.c
++++ /dev/null
+@@ -1,275 +0,0 @@
+-/*
+- * sfe_ipv6_esp.c
+- * Shortcut forwarding engine - IPv6 ESP implementation
+- *
+- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+- *
+- * Permission to use, copy, modify, and/or distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- */
+-
+-#include <linux/skbuff.h>
+-#include <net/protocol.h>
+-#include <net/ip6_checksum.h>
+-#include <linux/etherdevice.h>
+-#include <linux/version.h>
+-
+-#include "sfe_debug.h"
+-#include "sfe_api.h"
+-#include "sfe.h"
+-#include "sfe_flow_cookie.h"
+-#include "sfe_ipv6.h"
+-#include "sfe_ipv6_esp.h"
+-
+-/*
+- * sfe_ipv6_recv_esp()
+- * Handle ESP packet receives and forwarding
+- */
+-int sfe_ipv6_recv_esp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev,
+- unsigned int len, struct ipv6hdr *iph, unsigned int ihl,
+- bool sync_on_find, bool tun_outer)
+-{
+- struct sfe_ipv6_connection_match *cm;
+- struct sfe_ipv6_addr *src_ip;
+- struct sfe_ipv6_addr *dest_ip;
+- struct net_device *xmit_dev;
+- struct inet6_protocol *ipprot;
+- netdev_features_t features;
+- bool bridge_flow;
+- bool passthrough;
+- bool fast_xmit;
+- bool ret;
+-
+- /*
+- * Read the IP address from the iphdr, and set the src/dst ports to 0.
+- */
+- src_ip = (struct sfe_ipv6_addr *)iph->saddr.s6_addr32;
+- dest_ip = (struct sfe_ipv6_addr *)iph->daddr.s6_addr32;
+- rcu_read_lock();
+-
+- /*
+- * Look for a connection match.
+- */
+-#ifdef CONFIG_NF_FLOW_COOKIE
+- cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match;
+- if (unlikely(!cm)) {
+- cm = sfe_ipv6_find_connection_match_rcu(si, dev, IPPROTO_ESP, src_ip, 0, dest_ip, 0);
+- }
+-#else
+- cm = sfe_ipv6_find_connection_match_rcu(si, dev, IPPROTO_ESP, src_ip, 0, dest_ip, 0);
+-#endif
+- if (unlikely(!cm)) {
+- rcu_read_unlock();
+- sfe_ipv6_exception_stats_inc(si, SFE_IPV6_EXCEPTION_EVENT_ESP_NO_CONNECTION);
+-
+- DEBUG_TRACE("no connection found for esp packet\n");
+- return 0;
+- }
+-
+- /*
+- * Source interface validate.
+- */
+- if (unlikely((cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_SRC_INTERFACE_CHECK) && (cm->match_dev != dev))) {
+- struct sfe_ipv6_connection *c = cm->connection;
+- int ret;
+-
+- spin_lock_bh(&si->lock);
+- ret = sfe_ipv6_remove_connection(si, c);
+- spin_unlock_bh(&si->lock);
+-
+- if (ret) {
+- sfe_ipv6_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
+- }
+- rcu_read_unlock();
+- sfe_ipv6_exception_stats_inc(si, SFE_IPV6_EXCEPTION_EVENT_INVALID_SRC_IFACE);
+- DEBUG_TRACE("flush on wrong source interface check failure\n");
+- return 0;
+- }
+-
+- passthrough = cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PASSTHROUGH;
+- bridge_flow = !!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_BRIDGE_FLOW);
+-
+- /*
+- * If our packet has beern marked as "sync on find" we can't actually
+- * forward it in the fast path, but now that we've found an associated
+- * connection we need sync its status before exception it to slow path. unless
+- * it is passthrough packet.
+- * TODO: revisit to ensure that pass through traffic is not bypassing firewall for fragmented cases
+- */
+- if (unlikely(sync_on_find) && !passthrough) {
+- sfe_ipv6_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
+- rcu_read_unlock();
+-
+- sfe_ipv6_exception_stats_inc(si, SFE_IPV6_EXCEPTION_EVENT_ESP_IP_OPTIONS_OR_INITIAL_FRAGMENT);
+- DEBUG_TRACE("Sync on find\n");
+- return 0;
+- }
+-
+- /*
+- * Check if skb was cloned. If it was, unshare it.
+- */
+- if (unlikely(skb_cloned(skb))) {
+- DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
+- skb = skb_unshare(skb, GFP_ATOMIC);
+- if (!skb) {
+- DEBUG_WARN("Failed to unshare the cloned skb\n");
+- rcu_read_unlock();
+- return 0;
+- }
+-
+- /*
+- * Update the iphdr pointer with the unshared skb's data area.
+- */
+- iph = (struct ipv6hdr *)skb->data;
+- }
+-
+- /*
+- * proto decap packet.
+- * Invoke the inet_protocol handler for delivery of the packet.
+- */
+- ipprot = rcu_dereference(cm->proto);
+- if (likely(ipprot)) {
+- skb_reset_network_header(skb);
+- skb_pull(skb, ihl);
+- skb_reset_transport_header(skb);
+- xmit_dev = cm->xmit_dev;
+- skb->dev = xmit_dev;
+-
+- ret = ipprot->handler(skb);
+- if (ret) {
+- rcu_read_unlock();
+- this_cpu_inc(si->stats_pcpu->packets_not_forwarded64);
+- DEBUG_TRACE("ESP handler returned error %u\n", ret);
+- return 0;
+- }
+-
+- rcu_read_unlock();
+- this_cpu_inc(si->stats_pcpu->packets_forwarded64);
+- return 1;
+- }
+-
+- /*
+- * esp passthrough / ip local out scenarios
+- */
+- /*
+- * If our packet is larger than the MTU of the transmit interface then
+- * we can't forward it easily.
+- */
+- if (unlikely(len > cm->xmit_dev_mtu)) {
+- sfe_ipv6_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
+- rcu_read_unlock();
+-
+- sfe_ipv6_exception_stats_inc(si, SFE_IPV6_EXCEPTION_EVENT_ESP_NEEDS_FRAGMENTATION);
+- DEBUG_TRACE("Larger than MTU\n");
+- return 0;
+- }
+-
+- /*
+- * need to ensure that TTL is >=2.
+- */
+- if (!bridge_flow && (iph->hop_limit < 2) && passthrough) {
+- sfe_ipv6_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
+- rcu_read_unlock();
+-
+- sfe_ipv6_exception_stats_inc(si, SFE_IPV6_EXCEPTION_EVENT_ESP_SMALL_TTL);
+- DEBUG_TRACE("hop_limit too low\n");
+- return 0;
+- }
+-
+- /*
+- * decrement TTL by 1.
+- */
+- iph->hop_limit = iph->hop_limit - (u8)(!bridge_flow && !tun_outer);
+-
+- /*
+- * Update DSCP
+- */
+- if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK)) {
+- sfe_ipv6_change_dsfield(iph, cm->dscp);
+- }
+-
+- /*
+- * Update traffic stats.
+- */
+- atomic_inc(&cm->rx_packet_count);
+- atomic_add(len, &cm->rx_byte_count);
+-
+- xmit_dev = cm->xmit_dev;
+- skb->dev = xmit_dev;
+-
+- /*
+- * write the layer - 2 header.
+- */
+- if (likely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) {
+- if (unlikely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) {
+- dev_hard_header(skb, xmit_dev, ETH_P_IPV6, cm->xmit_dest_mac, cm->xmit_src_mac, len);
+- } else {
+- /*
+- * For the simple case we write this really fast.
+- */
+- struct ethhdr *eth = (struct ethhdr *)__skb_push(skb, ETH_HLEN);
+- eth->h_proto = htons(ETH_P_IPV6);
+- ether_addr_copy((u8 *)eth->h_dest, (u8 *)cm->xmit_dest_mac);
+- ether_addr_copy((u8 *)eth->h_source, (u8 *)cm->xmit_src_mac);
+- }
+- }
+-
+- /*
+- * Update priority of skb.
+- */
+- if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) {
+- skb->priority = cm->priority;
+- }
+-
+- /*
+- * Mark outgoing packet.
+- */
+- if (unlikely(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_MARK)) {
+- skb->mark = cm->mark;
+- }
+-
+- /*
+- * For the first packets, check if it could got fast xmit.
+- */
+- if (unlikely(!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_FAST_XMIT_FLOW_CHECKED)
+- && (cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_FAST_XMIT_DEV_ADMISSION))){
+- cm->features = netif_skb_features(skb);
+- if (likely(sfe_fast_xmit_check(skb, cm->features))) {
+- cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_FAST_XMIT;
+- }
+- cm->flags |= SFE_IPV6_CONNECTION_MATCH_FLAG_FAST_XMIT_FLOW_CHECKED;
+- }
+-
+- features = cm->features;
+- fast_xmit = !!(cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_FAST_XMIT);
+-
+- rcu_read_unlock();
+- this_cpu_inc(si->stats_pcpu->packets_forwarded64);
+- prefetch(skb_shinfo(skb));
+-
+- /*
+- * We do per packet condition check before we could fast xmit the
+- * packet.
+- */
+- if (likely(fast_xmit && dev_fast_xmit(skb, xmit_dev, features))) {
+- this_cpu_inc(si->stats_pcpu->packets_fast_xmited64);
+- return 1;
+- }
+-
+- /*
+- * Mark that this packet has been fast forwarded.
+- */
+- skb->fast_forwarded = 1;
+-
+- dev_queue_xmit(skb);
+- return 1;
+-}
+diff --git a/qca-nss-sfe/sfe_ipv6_esp.h b/qca-nss-sfe/sfe_ipv6_esp.h
+deleted file mode 100644
+index 2870670..0000000
+--- a/qca-nss-sfe/sfe_ipv6_esp.h
++++ /dev/null
+@@ -1,21 +0,0 @@
+-/*
+- * sfe_ipv6_esp.h
+- * Shortcut forwarding engine - IPv6 ESP header file
+- *
+- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+- *
+- * Permission to use, copy, modify, and/or distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- */
+-
+-int sfe_ipv6_recv_esp(struct sfe_ipv6 *si, struct sk_buff *skb, struct net_device *dev, unsigned int len,
+- struct ipv6hdr *iph, unsigned int ihl, bool sync_on_find, bool tun_outer);
+--
+2.42.0.869.gea05f2083d-goog
+
diff --git a/build_scripts/build_all.sh b/build_scripts/build_all.sh
index 111d8c1..32edba4 100755
--- a/build_scripts/build_all.sh
+++ b/build_scripts/build_all.sh
@@ -4,11 +4,17 @@
top_dir=$(readlink -e $(dirname $0)/../../)
-declare -A PRODUCT_LIST=([sirocco]="sirocco-p1 sirocco-b1 sirocco-b3 sirocco-b4")
+# Plan to support different brezza board:
+# brezza-p1: 2022/08
+# brezza-p2: 2022/10
+# brezza-b1: 2023/01
+# brezza-b3: 2023/04
+# brezza-b4: 2023/05
+declare -A PRODUCT_LIST=([sirocco]="sirocco-p1 sirocco-b1 sirocco-b3 sirocco-b4" [brezza]="brezza-p0 brezza-p1 brezza-p2 brezza-b1 brezza-b3 brezza-b4")
function Help() {
echo "Usage: $0 <eureka_workspace> <product/board> [optional build number] [other options]"
- echo " valid product : sirocco"
+ echo " valid product : sirocco, brezza"
echo " available options: --venv_root=<venv_root>"
}
@@ -134,6 +140,10 @@
pushd ${top_dir}/sdk/qca-nss-ecm
./build.sh ${product} ${eureka_src_path}
popd
+
+ pushd ${top_dir}/ta
+ ./build.sh ${product} ${eureka_src_path}
+ popd
}
#########################
diff --git a/nat46/build.sh b/nat46/build.sh
index 9fccc30..3299a75 100755
--- a/nat46/build.sh
+++ b/nat46/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-nss-clients/build.sh b/qca-nss-clients/build.sh
index 88fb760..e155439 100755
--- a/qca-nss-clients/build.sh
+++ b/qca-nss-clients/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-nss-dp/build.sh b/qca-nss-dp/build.sh
index 026f25b..04f359d 100755
--- a/qca-nss-dp/build.sh
+++ b/qca-nss-dp/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-nss-dp/nss_dp_main.c b/qca-nss-dp/nss_dp_main.c
index f9607de..dea8c05 100644
--- a/qca-nss-dp/nss_dp_main.c
+++ b/qca-nss-dp/nss_dp_main.c
@@ -809,6 +809,7 @@
uint8_t *maddr;
struct nss_dp_dev *dp_priv;
struct resource memres_devtree = {0};
+ uint32_t is_wan_interface;
dp_priv = netdev_priv(netdev);
@@ -817,13 +818,17 @@
return -EFAULT;
}
+ if (of_property_read_u32(np, "is_wan", &is_wan_interface)) {
+ pr_err("%s: error reading is_wan\n", np->name);
+ return -EFAULT;
+ }
+
/*
- * change interface 1 name to wan0
- * change interface 2 name to lan0
+ * Name WAN/LAN interfaces as per hint from DTSI
*/
- if (dp_priv->macid == 1) {
+ if (is_wan_interface) {
strcpy(netdev->name, "wan0");
- } else if (dp_priv->macid == 2) {
+ } else {
strcpy(netdev->name, "lan0");
}
diff --git a/qca-nss-drv/build.sh b/qca-nss-drv/build.sh
index 9afc226..9677207 100755
--- a/qca-nss-drv/build.sh
+++ b/qca-nss-drv/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-nss-ecm/build.sh b/qca-nss-ecm/build.sh
index 452d82c..f1528d0 100755
--- a/qca-nss-ecm/build.sh
+++ b/qca-nss-ecm/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-nss-ecm/ecm_db/ecm_db_connection.c b/qca-nss-ecm/ecm_db/ecm_db_connection.c
index 717aa3a..054638e 100644
--- a/qca-nss-ecm/ecm_db/ecm_db_connection.c
+++ b/qca-nss-ecm/ecm_db/ecm_db_connection.c
@@ -406,45 +406,37 @@
DEBUG_CHECK_MAGIC(ci, ECM_DB_CONNECTION_INSTANCE_MAGIC, "%px: magic failed", ci);
/*
+ * Call the frontend's defunct callback function and handle the return values.
+ */
+ ret = ci->defunct(ci->feci, &accel_mode);
+
+ /*
* If connection's defunct timer is already removed from the groups,
* this means that the connection is timed out and already in defunct process.
- * So, let's not continue in this defunct process.
+ * So, we needn't destroy the connection any more.
*/
spin_lock_bh(&ecm_db_lock);
if (ci->defunct_timer.group == ECM_DB_TIMER_GROUPS_MAX) {
spin_unlock_bh(&ecm_db_lock);
return;
}
- spin_unlock_bh(&ecm_db_lock);
-
- /*
- * Call the frontend's defunct callback function and handle the return values.
- */
- ret = ci->defunct(ci->feci, &accel_mode);
/*
* If the defunct is success, first we should remove the timer and then release
- * the last reference. It is possible that while we are handling the defunct callback,
- * the timer was expired and removed from the list. So, we don't need to check the
- * return value of the timer removal function. Regardless of who removed the timer, we should
- * release the last reference.
+ * the last reference.
+ * If defunct fails and the connection state is in one of the fail states, we should remove the timer
+ * and release the last reference.
+ * the removal of timer will always be successful here, we needn't check the
+ * return value.
*/
- if (ret) {
- ecm_db_timer_group_entry_remove(&ci->defunct_timer);
+ if (ret || ECM_FRONT_END_ACCELERATION_FAILED(accel_mode)) {
+ _ecm_db_timer_group_entry_remove(&ci->defunct_timer);
+ spin_unlock_bh(&ecm_db_lock);
ecm_db_connection_deref(ci);
return;
}
- /*
- * If defunct fails and the connection state is in one of the fail states, we should remove the timer
- * and release the last reference. In this case we should check the timer removal function's return value
- * to make sure that it is removed by us.
- */
- if (ECM_FRONT_END_ACCELERATION_FAILED(accel_mode)) {
- if (ecm_db_timer_group_entry_remove(&ci->defunct_timer)) {
- ecm_db_connection_deref(ci);
- }
- }
+ spin_unlock_bh(&ecm_db_lock);
}
EXPORT_SYMBOL(ecm_db_connection_make_defunct);
diff --git a/qca-nss-ecm/ecm_interface.c b/qca-nss-ecm/ecm_interface.c
index 7058f15..2bc862d 100644
--- a/qca-nss-ecm/ecm_interface.c
+++ b/qca-nss-ecm/ecm_interface.c
@@ -1,7 +1,7 @@
/*
**************************************************************************
* Copyright (c) 2014-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
@@ -2579,7 +2579,6 @@
case ECM_DB_IFACE_TYPE_GRE_TUN:
case ECM_DB_IFACE_TYPE_GRE_TAP:
case ECM_DB_IFACE_TYPE_VXLAN:
- case ECM_DB_IFACE_TYPE_IPSEC_TUNNEL:
if (src_dev) {
*mtu = src_dev->mtu;
} else {
@@ -3203,22 +3202,6 @@
#endif
type_info.ipsec_tunnel.os_specific_ident = dev_interface_num;
- /*
- * Override the MTU size in the decap direction in case of IPSec tunnel.
- * This will apply to IPsec->WAN rule.
- * TODO: Move this override to accelerate function.
- */
- if (ip_hdr(skb)->version == IPVERSION) {
- if ((ip_hdr(skb)->protocol == IPPROTO_ESP) ||
- ((ip_hdr(skb)->protocol == IPPROTO_UDP) &&
- (udp_hdr(skb)->dest == htons(4500)))) {
- dev_mtu = ECM_DB_IFACE_MTU_MAX;
- }
- } else {
- if (ipv6_hdr(skb)->nexthdr == IPPROTO_ESP) {
- dev_mtu = ECM_DB_IFACE_MTU_MAX;
- }
- }
ii = ecm_interface_ipsec_tunnel_interface_establish(&type_info.ipsec_tunnel, dev_name, dev_interface_num, ae_interface_num, dev_mtu);
if (ii) {
diff --git a/qca-nss-ecm/examples/ecm_sfe_l2.c b/qca-nss-ecm/examples/ecm_sfe_l2.c
index dd64653..b69df5a 100644
--- a/qca-nss-ecm/examples/ecm_sfe_l2.c
+++ b/qca-nss-ecm/examples/ecm_sfe_l2.c
@@ -155,7 +155,6 @@
tuple->dest_addr, tuple->dest_port, tuple->protocol);
if (!rule) {
spin_unlock_bh(&ecm_sfe_l2_policy_rules_lock);
- pr_warn("No rule with this tuple\n");
goto done;
}
direction = rule->direction;
@@ -175,7 +174,6 @@
if (!rule) {
spin_unlock_bh(&ecm_sfe_l2_policy_rules_lock);
- pr_warn("No rule with this tuple\n");
goto done;
}
direction = rule->direction;
@@ -296,7 +294,7 @@
spin_unlock_bh(&ecm_sfe_l2_policy_rules_lock);
kfree(rule);
- pr_info("rule deleted\n");
+ pr_debug("rule deleted\n");
return true;
}
@@ -312,7 +310,7 @@
rule = ecm_sfe_l2_policy_rule_find(ip_ver, sip_addr, sport, dip_addr, dport, protocol);
if (rule) {
if (rule->direction != direction) {
- pr_info("Update direction of the rule from %d to %d\n", rule->direction, direction);
+ pr_debug("Update direction of the rule from %d to %d\n", rule->direction, direction);
rule->direction = direction;
}
spin_unlock_bh(&ecm_sfe_l2_policy_rules_lock);
@@ -341,7 +339,7 @@
list_add(&rule->list, &ecm_sfe_l2_policy_rules);
spin_unlock_bh(&ecm_sfe_l2_policy_rules_lock);
- pr_info("rule added\n");
+ pr_debug("rule added\n");
return true;
}
@@ -388,13 +386,13 @@
*/
fields = cmd_buf;
while ((token = strsep(&fields, " "))) {
- pr_info("\ntoken: %s\n", token);
+ pr_debug("\ntoken: %s\n", token);
option = strsep(&token, "=");
value = token;
- pr_info("\t\toption: %s\n", option);
- pr_info("\t\tvalue: %s\n", value);
+ pr_debug("\t\toption: %s\n", option);
+ pr_debug("\t\tvalue: %s\n", value);
if (!strcmp(option, "cmd")) {
if (sscanf(value, "%d", &cmd)) {
diff --git a/qca-nss-sfe/build.sh b/qca-nss-sfe/build.sh
index 2378401..09493c5 100755
--- a/qca-nss-sfe/build.sh
+++ b/qca-nss-sfe/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-nss-sfe/sfe_ipv4_udp.c b/qca-nss-sfe/sfe_ipv4_udp.c
index 4b15f7c..ec3b2e9 100644
--- a/qca-nss-sfe/sfe_ipv4_udp.c
+++ b/qca-nss-sfe/sfe_ipv4_udp.c
@@ -3,7 +3,7 @@
* Shortcut forwarding engine - IPv4 UDP implementation
*
* Copyright (c) 2013-2016, 2019-2020, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -263,7 +263,7 @@
* If our packet is larger than the MTU of the transmit interface then
* we can't forward it easily.
*/
- if (unlikely(len > cm->xmit_dev_mtu)) {
+ if (unlikely((len > cm->xmit_dev_mtu) && (!cm->up))) {
sfe_ipv4_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
rcu_read_unlock();
sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION);
diff --git a/qca-nss-sfe/sfe_ipv6.c b/qca-nss-sfe/sfe_ipv6.c
index 9670c7e..5b610dd 100644
--- a/qca-nss-sfe/sfe_ipv6.c
+++ b/qca-nss-sfe/sfe_ipv6.c
@@ -3,7 +3,7 @@
* Shortcut forwarding engine - IPv6 support.
*
* Copyright (c) 2015-2016, 2019-2020, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -1536,7 +1536,7 @@
reply_cm->top_interface_dev = NULL;
#ifdef SFE_GRE_TUN_ENABLE
- if (!(reply_cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PASSTHROUGH)) {
+ if ((IPPROTO_GRE == tuple->protocol) && !(reply_cm->flags & SFE_IPV6_CONNECTION_MATCH_FLAG_PASSTHROUGH)) {
rcu_read_lock();
reply_cm->proto = rcu_dereference(inet6_protos[tuple->protocol]);
rcu_read_unlock();
diff --git a/qca-nss-sfe/sfe_ipv6_udp.c b/qca-nss-sfe/sfe_ipv6_udp.c
index 445b43f..74802eb 100644
--- a/qca-nss-sfe/sfe_ipv6_udp.c
+++ b/qca-nss-sfe/sfe_ipv6_udp.c
@@ -3,7 +3,7 @@
* Shortcut forwarding engine file for IPv6 UDP
*
* Copyright (c) 2015-2016, 2019-2020, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -269,7 +269,7 @@
* If our packet is larger than the MTU of the transmit interface then
* we can't forward it easily.
*/
- if (unlikely(len > cm->xmit_dev_mtu)) {
+ if (unlikely((len > cm->xmit_dev_mtu) && (!cm->up))) {
sfe_ipv6_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
rcu_read_unlock();
diff --git a/qca-ovsmgr/build.sh b/qca-ovsmgr/build.sh
index 84df137..b6c19ef 100755
--- a/qca-ovsmgr/build.sh
+++ b/qca-ovsmgr/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-ssdk/build.sh b/qca-ssdk/build.sh
index c0d1b70..16a23b1 100755
--- a/qca-ssdk/build.sh
+++ b/qca-ssdk/build.sh
@@ -4,7 +4,7 @@
set -o errtrace
trap 'echo Fatal error: script $0 aborting at line $LINENO, command \"$BASH_COMMAND\" returned $?; exit 1' ERR
-PRODUCT_LIST="sirocco"
+PRODUCT_LIST="sirocco brezza"
NUM_JOBS=$(grep -c processor /proc/cpuinfo)
diff --git a/qca-ssdk/make/linux_opt.mk b/qca-ssdk/make/linux_opt.mk
index 81680f8..dde7d85 100755
--- a/qca-ssdk/make/linux_opt.mk
+++ b/qca-ssdk/make/linux_opt.mk
@@ -1,5 +1,5 @@
MODULE_CFLAG :=
-LOCAL_CFLAGS :=
+LOCAL_CFLAGS := -fno-pic
ifeq (TRUE, $(SWCONFIG))
MODULE_CFLAG += -DIN_SWCONFIG
diff --git a/qca-ssdk/src/hsl/phy/qca808x.c b/qca-ssdk/src/hsl/phy/qca808x.c
index 4a6301a..ee16b6f 100755
--- a/qca-ssdk/src/hsl/phy/qca808x.c
+++ b/qca-ssdk/src/hsl/phy/qca808x.c
@@ -1,6 +1,7 @@
/*
* Copyright (c) 2018-2019, 2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ *
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
@@ -340,7 +341,7 @@
static int qca808x_config_aneg(struct phy_device *phydev)
{
- a_uint32_t advertise = 0;
+ a_uint32_t advertise = 0, advertise_old = 0;
a_uint16_t phy_data = 0;
int err = 0;
a_uint32_t dev_id = 0, phy_id = 0;
@@ -380,8 +381,13 @@
if(!(advertise & ~(FAL_PHY_ADV_PAUSE | FAL_PHY_ADV_ASY_PAUSE))) {
return SW_BAD_VALUE;
}
- err |= qca808x_phy_set_autoneg_adv(dev_id, phy_id, advertise);
- err |= qca808x_phy_restart_autoneg(dev_id, phy_id);
+ err |= qca808x_phy_get_autoneg_adv(dev_id, phy_id, &advertise_old);
+
+ SSDK_DEBUG("advertise: 0x%x, advertise_old: 0x%x\n", advertise, advertise_old);
+ if(advertise != advertise_old) {
+ err |= qca808x_phy_set_autoneg_adv(dev_id, phy_id, advertise);
+ err |= qca808x_phy_restart_autoneg(dev_id, phy_id);
+ }
}
return err;
diff --git a/qca-ssdk/src/hsl/phy/qca808x_phy.c b/qca-ssdk/src/hsl/phy/qca808x_phy.c
index 43bb27a..bc109e6 100755
--- a/qca-ssdk/src/hsl/phy/qca808x_phy.c
+++ b/qca-ssdk/src/hsl/phy/qca808x_phy.c
@@ -630,8 +630,10 @@
rv = qca808x_phy_reg_write(dev_id, phy_id, QCA808X_PHY_CONTROL,
phy_data | QCA808X_CTRL_SOFTWARE_RESET);
SW_RTN_ON_ERROR(rv);
+
/*the configure will lost when reset.*/
- rv = qca808x_phy_ms_seed_enable(dev_id, phy_id, A_TRUE);
+ if (qca808x_phy_2500caps(dev_id, phy_id) == A_TRUE)
+ rv = qca808x_phy_ms_seed_enable(dev_id, phy_id, A_TRUE);
return rv;
}
diff --git a/requirements3.in b/requirements3.in
index cf3c711..3289284 100644
--- a/requirements3.in
+++ b/requirements3.in
@@ -4,5 +4,6 @@
kerberos==1.3.0
pycrypto==2.6.1
PyYAML==5.3
+scons==4.3.0
servo==1
sublime==0.1.0
diff --git a/requirements3.txt b/requirements3.txt
index 8c68261..bd60bda 100644
--- a/requirements3.txt
+++ b/requirements3.txt
@@ -1,5 +1,5 @@
#
-# This file is autogenerated by pip-compile with python 3.9
+# This file is autogenerated by pip-compile with python 3.10
# To update, run:
#
# pip-compile --output-file=requirements3.txt requirements3.in
@@ -16,9 +16,14 @@
# via -r requirements3.in
pyyaml==5.3
# via -r requirements3.in
+scons==4.3.0
+ # via -r requirements3.in
servo==1
# via -r requirements3.in
sublime==0.1.0
# via -r requirements3.in
wand==0.4.4
# via -r requirements3.in
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools